Constructing an Ideal Hash Function from Weak Ideal Compression Functions
نویسنده
چکیده
We introduce the notion of a weak ideal compression function, which is vulnerable to strong forms of attack, but is otherwise random. We show that such weak ideal compression functions can be used to create secure hash functions, thereby giving a design that can be used to eliminate attacks caused by undesirable properties of compression functions. We prove that the construction we give, which we call the “zipper hash,” is ideal in the sense that the overall hash function is indistinguishable from a random oracle when implemented with these weak ideal building blocks. The zipper hash function is relatively simple, requiring two compression function evaluations per block of input, but it is not streamable. We also show how to create an ideal (strong) compression function from ideal weak compression functions, which can be used in the standard iterated way to make a streamable hash function.
منابع مشابه
Constructing Secure Hash Functions from Weak Compression Functions: The Case for Non-Streamable Hash Functions
In a recent paper, Lucks espoused a “failure-friendly” approach to hash function design [12]. We expand on this idea in two main ways. First of all, we consider the notion of a weak ideal compression function, which is vulnerable to strong forms of attack, but is otherwise random. We show that such weak ideal compression functions can be used to create secure hash functions, thereby giving a de...
متن کاملMerkle-Damgård Revisited: How to Construct a Hash Function
The most common way of constructing a hash function (e.g., SHA-1) is to iterate a compression function on the input message. The compression function is usually designed from scratch or made out of a block-cipher. In this paper, we introduce a new security notion for hash-functions, stronger than collision-resistance. Under this notion, the arbitrary length hash function H must behave as a rand...
متن کاملHash Functions from Defective Ideal Ciphers
Motivation • Cryptographic constructions based on lower-level primitives are often analyzed by modeling the primitive as an ideal object – Sometimes, impossible to construct based on standard assumptions – Here: hash functions from block ciphers • When instantiated, the primitive may have " defects " and be far from ideal Motivating example • Related-key attacks on block ciphers – Several such ...
متن کاملA New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
emph{ Smooth Projective Hash Functions } ( SPHFs ) as a specific pattern of zero knowledge proof system are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, emph { Password - Based Authenticated Key Exchange } ( PAKE ) protocol is well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based ...
متن کاملConstructing Cryptographic Hash Functions from Fixed-Key Blockciphers
We propose a family of compression functions built from fixed-key blockciphers and investigate their collision and preimage security in the ideal cipher model. The constructions have security approaching and in many cases equaling the security upper bounds found in previous work of the authors [24]. In particular, we describe a 2n-bit to n-bit compression function using three calls to a permuta...
متن کامل